Vulnerability Description
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Teamcenter Visualization | >= 12.4.0, < 12.4.0.8 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdfPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdfPatchVendor Advisory
FAQ
What is CVE-2021-40354?
CVE-2021-40354 is a vulnerability with a CVSS score of 7.1 (HIGH). A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All vers...
How severe is CVE-2021-40354?
CVE-2021-40354 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40354?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Teamcenter Visualization.